Somewhere between the audit committee and the cyber-insurance renewal, a question has started landing on management: “Where are we against the NIST AI framework?” It sounds like a compliance question. It isn't — and the difference decides whether your answer holds up.
First, the fact most vendors won't lead with
There is no NIST AI RMF certification. No accreditation, no authorized assessor, no badge to hang on the wall. NIST designed the AI Risk Management Framework (AI RMF 1.0, released January 2023) to be voluntary and non-prescriptive — its own text says the framework is not a checklist, and that organizations may adopt the parts that fit their context.
That cuts two ways. Nobody can make you “NIST compliant,” and anyone selling that phrase is selling something NIST does not offer. But it also means the board's question can't be closed with a certificate. The only honest answer is evidence: what AI you actually run, what it touches, and how that maps to what the framework asks.
What the four functions actually ask
The framework organizes AI risk into four functions, broken into 72 subcategories. Stripped of the framework vocabulary, they ask four plain questions:
- Govern — Who is accountable? Are there policies, trained people, and defined risk tolerances?
- Map — What AI systems exist, where, doing what, affecting whom?
- Measure — Is any of it tested? Documented test sets, monitoring in production, evidence of validity and fairness?
- Manage — When Map and Measure surface risks, does anyone prioritize and act on them?
Notice what happens when a company tries to answer these from memory. Govern produces a policy document. Map produces a slide listing the AI projects people remember. Measure and Manage produce silence — because those answers live in the engineering system, not in anyone's head.
Half the framework is already answered in your codebase
Here's what most compliance conversations miss: the Measure function — the one companies stall on — is the most code-visible part of the entire framework. NIST asks for rigorous software testing methodologies, documented test sets and evaluation tooling, production monitoring, and fairness evaluation artifacts. Those either exist in your code, tests, CI and observability infrastructure, or they don't. No workshop required. Someone just has to go read.
The same is true for the inventory the Map function assumes. The model scoring applicants, the LLM call a team wired in last quarter, the AI buried three dependencies deep — the code records all of it, including the systems nobody put on the slide. And the 2024 Generative AI Profile added a risk category that is almost purely code-visible: value-chain and component integration — which pre-trained models, procured datasets and third-party libraries your AI actually depends on.
The honest scope
A code read cannot see the Govern function. Policies, accountable roles, training records — that's organizational evidence, and any assessment claiming to cover the full framework from a scan alone is overclaiming. The credible structure is: code-derived evidence for Map, Measure and the value chain; a governance review for the rest. NIST's own method even names the deliverable — a Current Profile compared against a Target Profile, with the gaps ranked.
Why answer now, if it's voluntary?
Because the question arrives through channels you don't control: enterprise procurement questionnaires that borrow the framework's vocabulary, cyber-insurance riders, investor diligence, and board members reading about AI liability. US state AI laws and the EU AI Act ask for the same underlying facts the framework organizes — which systems, what data, what decisions, what oversight. Map it once from the code and you reuse the same evidence base across every regime that reaches you.
One caution from the moving-target file: the original Colorado AI Act referenced NIST-aligned risk programs in its defenses, and the 2026 reenactment dropped that language. Statutes will keep moving. Evidence doesn't. Companies that anchor on facts about their own systems don't have to re-answer from scratch every time a legislature edits a definition.
What a board-grade answer looks like
When the question comes, the strong version of the answer is not “we're working on a policy.” It's a page: every AI system in the product, traced to source; what data each one touches; what testing and monitoring exists around each; which framework subcategories that evidence answers; and a ranked list of the gaps — including the honest line that says which questions need an organizational review, not a code read.
That's the answer a board can forward to an insurer, an acquirer, or a regulator without wincing. Not because it's certified — nothing is — but because every line of it traces to something checkable.
We've written up how we produce that read — what the framework requires, what code can and can't evidence, and the deliverable format — on our NIST AI RMF page.